<?php
	include('config_ws.inc');

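	/*
	 * CVE lookup web service.
	 *
	 * Dispatches on the GET parameter "o" and prints one of:
	 *   - a JSON document (rows or a single row),
	 *   - "1" for a positive "isin" check,
	 *   - nothing at all when there is no result or the query failed.
	 *
	 * Every GET parameter is caller-controlled. The original code pasted p1
	 * (and p2 as "rank") straight into the SQL text, so a quote in the input
	 * changed the statement. All string values are now escaped with
	 * mysql_real_escape_string() after the connection is open, and all
	 * numeric values are cast to int before they reach the query.
	 *
	 * NOTE(review): the mysql_* extension used here was deprecated in PHP 5.5
	 * and removed in PHP 7.0. Escaping keeps this file working where it runs
	 * today; prepared statements (mysqli or PDO) are the long-term fix.
	 * NOTE(review): mysql_real_escape_string() depends on the connection
	 * character set. If a charset is ever configured, use mysql_set_charset()
	 * rather than a "SET NAMES" query.
	 * NOTE(review): no Content-Type header is sent, so PHP's configured
	 * default applies to the JSON output. Consider application/json once the
	 * clients are confirmed to tolerate it.
	 * NOTE(review): $dbhost/$dbuser/$dbpass are not defined in this file and
	 * presumably come from config_ws.inc; confirm the web server does not
	 * serve *.inc files as plain text.
	 */

	/**
	 * Returns a GET parameter as a string.
	 *
	 * Missing or non-scalar values (e.g. p1[]=x) become '' so they can never
	 * reach the SQL text as "Array" or raise an undefined-index notice.
	 */
	function cvews_param($key)
	{
		if (isset($_GET[$key]) && is_scalar($_GET[$key])) {
			return (string) $_GET[$key];
		}
		return '';
	}

	/**
	 * Opens the database connection and selects the "cve" schema.
	 * Terminates the request with the original messages on failure.
	 */
	function cvews_connect($dbhost, $dbuser, $dbpass)
	{
		mysql_connect($dbhost, $dbuser, $dbpass) or die('Cant connect to database');
		mysql_select_db('cve') or die('Cant select database cve');
	}

	/**
	 * Returns $value as a quoted SQL string literal.
	 * Must be called after cvews_connect(): the escaping uses the open link.
	 */
	function cvews_quote($value)
	{
		return "'" . mysql_real_escape_string($value) . "'";
	}

	/**
	 * Returns $value as a quoted "contains" pattern for LIKE.
	 * The caller's own % and _ keep their wildcard meaning, as before.
	 */
	function cvews_like($value)
	{
		return "'%" . mysql_real_escape_string($value) . "%'";
	}

	/**
	 * Returns a comma-separated list of quoted SQL string literals.
	 */
	function cvews_quote_list($values)
	{
		return implode(', ', array_map('cvews_quote', $values));
	}

	/**
	 * Converts a page number into a LIMIT offset.
	 *
	 * Negative or overflowing pages fall back to the first page, so the value
	 * placed in the query is always a non-negative integer.
	 */
	function cvews_offset($page, $pageSize)
	{
		$page = (int) $page;
		if ($page < 0 || $page > (int) (PHP_INT_MAX / $pageSize)) {
			$page = 0;
		}
		return $page * $pageSize;
	}

	/**
	 * Runs a query and returns the result resource, or false on failure.
	 *
	 * The database error is written to the server log only. The original
	 * "searchn" branch printed mysql_error() to the client, which discloses
	 * schema details; the other branches already produced empty output.
	 */
	function cvews_query($query)
	{
		$buffer = mysql_query($query);
		if ($buffer === false) {
			error_log('cve web service: query failed: ' . mysql_error());
		}
		return $buffer;
	}

	/**
	 * Prints every row of a result as a JSON list, or nothing when the
	 * result is empty or the query failed.
	 */
	function cvews_emit_rows($buffer)
	{
		$rows = array();
		if ($buffer !== false) {
			while ($row = mysql_fetch_assoc($buffer)) {
				$rows[] = $row;
			}
		}

		if (count($rows) > 0) {
			echo json_encode($rows);
		} else {
			echo false;
		}
	}

	$operation = cvews_param('o');

	switch ($operation) {

		// Search by CVE name, ordered by searchresult.total (highest first).
		// p1 = search word for the CVE name, p2 = page number (100 per page).
		case 'searchn':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$name = cvews_like(cvews_param('p1'));
			$first = cvews_offset(cvews_param('p2'), 100);

			$query = "SELECT cvename, cveinfo.description, searchresult.total from cveinfo JOIN searchresult USING (cvename) ";
			$query .= "WHERE cvename LIKE $name AND cveinfo.status = 0 AND searchresult.status = 1 ORDER BY searchresult.total DESC ";
			$query .= "LIMIT $first, 100";

			cvews_emit_rows(cvews_query($query));
			break;

		// Search by product, ordered by searchresult.total (highest first).
		// p1 = search word for the product, p2 = page number (100 per page).
		case 'searchp':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$product = cvews_like(cvews_param('p1'));
			$first = cvews_offset(cvews_param('p2'), 100);

			$query = "SELECT cvename, cveinfo.description, searchresult.total FROM cveinfo JOIN searchresult USING (cvename) ";
			$query .= "WHERE cvename IN (SELECT DISTINCT cvename FROM effect WHERE product LIKE $product) ";
			$query .= "AND cveinfo.status = 0 AND searchresult.status = 1 ORDER BY searchresult.total DESC ";
			$query .= "LIMIT $first, 10" . "0";

			cvews_emit_rows(cvews_query($query));
			break;

		// Rank the CVEs affecting a list of products.
		// p1 = product1;product2; (the last character is always dropped),
		// p2 = page number (10 per page).
		case 'rankplist':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$products = explode(';', (string) substr(cvews_param('p1'), 0, -1));
			$productStr = cvews_quote_list($products);
			$first = cvews_offset(cvews_param('p2'), 10);

			$query = "SELECT DISTINCT cvename, cveinfo.description, searchresult.total FROM ";
			$query .= "(cveinfo JOIN effect USING (cvename)) JOIN searchresult USING (cvename) ";
			$query .= "WHERE effect.product IN ($productStr) AND cveinfo.status = 0 AND searchresult.status = 1 ORDER BY searchresult.total DESC ";
			$query .= "LIMIT $first, 10";

			cvews_emit_rows(cvews_query($query));
			break;

		// Rank a list of CVE names supplied by the user.
		// p1 = cve1;cve2;cve3; (the trailing ";" is required: the last
		// segment after splitting is always discarded).
		case 'ranklist':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$list = explode(';', cvews_param('p1'));
			array_pop($list);

			// An empty list used to produce "IN ()", which is a syntax error.
			if (count($list) === 0) {
				echo false;
				break;
			}
			$cvelist = cvews_quote_list($list);

			$query = "SELECT cvename, cveinfo.description, searchresult.total from cveinfo JOIN searchresult USING (cvename) ";
			$query .= "WHERE cvename IN ($cvelist) ";
			$query .= "AND cveinfo.status = 0 AND searchresult.status = 1 ORDER BY searchresult.total DESC";

			cvews_emit_rows(cvews_query($query));
			break;

		// Existence check: prints "1" when p1 is a known CVE name with
		// status 0, nothing otherwise.
		case 'isin':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$name = cvews_quote(cvews_param('p1'));
			$buffer = cvews_query("SELECT cvename from cveinfo WHERE cvename = $name AND status = 0");

			if ($buffer === false || mysql_num_rows($buffer) == 0) {
				echo false;
			} else {
				echo true;
			}
			break;

		// Full record for one CVE: the cveinfo/searchresult row plus the
		// vendor, product and versions columns of every matching effect row.
		case 'allinfo':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$name = cvews_quote(cvews_param('p1'));

			// Start as null so a CVE without effect rows still serialises
			// these keys as null, without an undefined-variable notice.
			$vendor = null;
			$product = null;
			$versions = null;

			$query = "SELECT cvename, effect.vendor, effect.product, effect.versions FROM effect JOIN cveinfo USING (cvename) ";
			$query .= "WHERE cvename = $name AND cveinfo.status = 0";
			$buffer = cvews_query($query);
			if ($buffer !== false) {
				while ($r = mysql_fetch_assoc($buffer)) {
					$vendor[] = $r['vendor'];
					$product[] = $r['product'];
					$versions[] = $r['versions'];
				}
			}

			$query = "SELECT * FROM cveinfo JOIN searchresult USING (cvename) ";
			$query .= "WHERE cvename = $name AND cveinfo.status = 0 AND searchresult.status = 1";
			$buffer = cvews_query($query);

			if ($buffer !== false && mysql_num_rows($buffer) > 0) {
				$result = mysql_fetch_assoc($buffer);
				$result['vendor'] = $vendor;
				$result['product'] = $product;
				$result['versions'] = $versions;
				echo json_encode($result);
			} else {
				echo false;
			}
			break;

		// Page information for one CVE.
		// p1 = CVE name; p2 = rank. Without p2 the list of pages is
		// returned, with p2 the single page of that rank.
		case 'pageinfo':
			cvews_connect($dbhost, $dbuser, $dbpass);

			$name = cvews_quote(cvews_param('p1'));
			$rank = cvews_param('p2');

			if ($rank === '') {
				$query = "SELECT cvename, rank, title FROM `pageinfo` ";
				$query .= "WHERE cvename = $name AND status = 1 ORDER BY rank";

				cvews_emit_rows(cvews_query($query));
			} else {
				// rank is compared unquoted, so it must be an integer.
				$rank = (int) $rank;

				$query = "SELECT * from pageinfo ";
				$query .= "WHERE cvename = $name AND rank = $rank AND status = 1";
				$buffer = cvews_query($query);

				if ($buffer !== false && mysql_num_rows($buffer) > 0) {
					echo json_encode(mysql_fetch_assoc($buffer));
				} else {
					echo false;
				}
			}
			break;

		// Distinct product names, alphabetically. Takes no parameters.
		case 'allproduct':
			cvews_connect($dbhost, $dbuser, $dbpass);

			cvews_emit_rows(cvews_query("SELECT DISTINCT product FROM effect ORDER BY product"));
			break;
	}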

?>